There have always been a lot of brute force attempts/bot scans and hacking attempts on WordPress hosted sites (due to flaws in the core and a multitude of insecure plugins) â this site being no exception (theyâve even done some minor damage before).
But things appear to have really ramped up recently with a large increase in brute force attacks on WordPress sites. It seems to be the work of a rather crude botnet, which hits up the normal admin username (along with a few others like test/root etc) with a bunch of common passwords. Once it gets in, it leaves a backdoor and adss itself to the botnet â and starts scanning for other victims.